
LTS report for April 2020 - Abhijith PA



April was my 26th month as a Debian LTS paid contributor. I was
assigned 14 hours. I was only able to spend 10 hours.

 * apache-log4j2: Backporting CVE-2020-9488 needs backporting a couple of
   Java classes from upstream and is intrusive. Another fast
   mitigation upstream suggests is to set the system property
   mail.smtp.ssl.checkserveridentity to true to globally enable hostname
   verification. Thus marked it as no-dsa.

 * otrs2: Continued my work from last month on this package. A new CVE
   was reported, CVE-2020-1774. Uploaded with 3 CVEs fixed and 3 marked as
   no-dsa. DLA-2198-1[1]

 * mumble: Attempted to upgrade Jessie's version to 1.2.18.
   Unfortunately, the Stretch version is also vulnerable to DoS. I've written
   the current status here[2].


Regards
Abhijith PA

[1] - https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html
[2] - https://lists.debian.org/debian-lts/2020/05/msg00008.html



